AOL Mail accounts breached, users advised to change passwords

Filed Under: Data loss, Featured, Phishing, Spam

AOL said it is investigating a large scale breach of AOL Mail in which "a significant number" of accounts were compromised.

User information including encrypted passwords, encrypted answers to security questions, postal addresses, and address book contacts were compromised, the company said in a blog post.

However, AOL said that no users' financial information has been stolen and there is no indication that the encryption on passwords or answers to security questions was broken.

It remains to be seen whether AOL really meant that users' passwords and security answers were hashed rather than encrypted. The distinction matters: encrypted values can be recovered in bulk by anyone who obtains the key, whereas a properly salted, slow password hash forces an attacker to guess each password one at a time and pay the full cost of the hash function for every guess.
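To make that distinction concrete, here is an added Python example (not AOL's code and not part of the original post) that stores a password the hashed way, with a per-user salt and a deliberately slow key derivation, beside a reversible "encrypted" store. The record format, the 600,000-iteration work factor and the toy stream cipher used for the encrypted side are assumptions made for this illustration; the toy cipher exists only to show reversibility and is not suitable for real use.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Work factor for PBKDF2-HMAC-SHA256. Assumption: 600,000 iterations; tune to your hardware.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hash a password for storage: random per-user salt, slow KDF, nothing reversible.

    Returns a self-describing record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'
    (record layout is an assumption for this example).
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def crack_hashed_record(record: str, wordlist: Iterable[str]) -> Optional[str]:
    """All a thief can do with a leaked hashed record: guess, paying the full KDF cost each time."""
    for guess in wordlist:
        if verify_password(guess, record):
            return guess
    return None


# --- The "encrypted" alternative, for contrast. Toy stream cipher (SHA-256 counter
# keystream XORed with the plaintext), written for this illustration only. ---

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_password(password: str, key: bytes) -> str:
    """Reversible: whoever obtains `key` recovers every stored password in bulk."""
    nonce = secrets.token_bytes(12)
    plaintext = password.encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return f"{nonce.hex()}${ciphertext.hex()}"


def decrypt_password(record: str, key: bytes) -> str:
    """No guessing needed: the key turns the stored record straight back into the password."""
    nonce_hex, ct_hex = record.split("$")
    ciphertext = bytes.fromhex(ct_hex)
    stream = _keystream(key, bytes.fromhex(nonce_hex), len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream)).decode("utf-8")


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(crack_hashed_record(record, ["password", "letmein", "correct horse battery staple"]))
    key = secrets.token_bytes(32)
    enc = encrypt_password("correct horse battery staple", key)
    print(decrypt_password(enc, key))  # plaintext again, for anyone holding the key
```

Note what each store gives an attacker who copies the database: with the hashed records, every candidate password costs a full PBKDF2 computation per user, and identical passwords produce different records because of the per-user salt; with the encrypted records, one stolen key unlocks every account at once, which is why "encrypted passwords" is a weaker claim than "hashed passwords".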

As a precautionary measure, AOL advised users of any of its services to change their passwords and security questions.

The company said it is working with an external forensics team and federal investigators to find the source of the "serious criminal activity" behind the compromise, which affected about 2% of AOL Mail accounts.

Some media outlets have estimated that 2% of AOL Mail accounts is equivalent to about 500,000 users.

On 28 April, AOL posted an FAQ on its help page that stated the compromise likely occurred when someone gained access to a portion of the network where user account information was stored.

Our investigation remains ongoing, but we believe that a person gained unauthorized access to the AOL network where some user information is stored.

AOL's announcement confirming the breach on Monday 28 April came after a week of user complaints about spam being sent to their contacts.

On 22 April, the company's mail team announced that it was changing its email authentication policy, publishing a DMARC "reject" policy for aol.com, to crack down on the sending of "spoofed" emails that appear to come from AOL addresses but do not come from AOL mail servers.

Spoofing refers to forging an email's "From" header so that a message appears to come from an address the sender does not control, in this case AOL addresses harvested from the breach. The message itself never passes through AOL's servers, which is what authentication checks such as SPF, DKIM and DMARC are designed to detect.
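The following is an added Python example, not code from the post or from AOL, showing how a receiving mail server evaluates a message once the sender's domain publishes a DMARC policy: the header From domain must be backed by an SPF or DKIM pass for an aligned domain, and otherwise the policy's p= tag decides whether the mail is accepted, quarantined or rejected. The two sample messages are constructed (host names, addresses, IDs and the DMARC record strings are made up, modelled on the "How are you?" spam described below); the relaxed-alignment check is simplified to "same domain or subdomain" rather than deriving the organizational domain from the Public Suffix List, and a real receiver performs the SPF and DKIM checks itself rather than trusting an Authentication-Results header.

```python
import email
import re
from email import policy

# Constructed spoofed message: From claims aol.com, but the mail left an unrelated relay
# and the receiver's SPF check failed. Nothing here is a real capture.
SPOOFED_RAW = """\
Received: from relay.example.net (relay.example.net [203.0.113.45])
 by mx.recipient.example (Postfix) with ESMTP id 4ABC123
 for <you@recipient.example>; Wed, 23 Apr 2014 10:15:02 +0000
Authentication-Results: mx.recipient.example;
 spf=fail smtp.mailfrom=bounce@example.net;
 dkim=none
From: A Friend <friend@aol.com>
To: you@recipient.example
Subject: How are you?
Message-ID: <20140423101502.1@relay.example.net>

Have you already seen it? http://example.net/offer
"""

# Constructed legitimate message: SPF and DKIM both pass for domains aligned with aol.com.
LEGIT_RAW = """\
Received: from mailout.aol.com (mailout.aol.com [198.51.100.7])
 by mx.recipient.example (Postfix) with ESMTP id 4DEF456
 for <you@recipient.example>; Wed, 23 Apr 2014 10:20:44 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=friend@aol.com;
 dkim=pass header.d=aol.com
From: A Friend <friend@aol.com>
To: you@recipient.example
Subject: Lunch next week?

Are you free on Thursday?
"""


def parse_auth_results(msg) -> dict:
    """Extract the spf/dkim verdicts and the domain each one authenticated
    from the receiver's Authentication-Results header."""
    header = str(msg.get("Authentication-Results", ""))
    results = {"spf": ("none", None), "dkim": ("none", None)}
    clauses = [c.strip() for c in header.split(";")]
    for clause in clauses[1:]:  # clauses[0] is the authserv-id
        m = re.match(r"(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        mech, verdict = m.group(1), m.group(2).lower()
        dom = re.search(r"(?:smtp\.mailfrom=(?:[^@\s]+@)?|header\.d=)([\w.-]+)", clause)
        results[mech] = (verdict, dom.group(1).lower() if dom else None)
    return results


def aligned(auth_domain, from_domain) -> bool:
    """Relaxed alignment, simplified: same domain or a subdomain of it.
    A full implementation compares organizational domains via the Public Suffix List."""
    if not auth_domain:
        return False
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into its tags."""
    tags = {}
    for kv in record.split(";"):
        if "=" in kv:
            k, v = kv.split("=", 1)
            tags[k.strip().lower()] = v.strip().lower()
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    return tags


def dmarc_disposition(raw_message: str, dmarc_record: str) -> dict:
    """Decide what a receiver does with one message under the From domain's DMARC policy."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    auth = parse_auth_results(msg)
    spf_ok = auth["spf"][0] == "pass" and aligned(auth["spf"][1], from_domain)
    dkim_ok = auth["dkim"][0] == "pass" and aligned(auth["dkim"][1], from_domain)
    dmarc_pass = spf_ok or dkim_ok
    p = parse_dmarc(dmarc_record).get("p", "none")
    disposition = "accept" if dmarc_pass or p not in ("reject", "quarantine") else p
    return {"from_domain": from_domain, "spf_aligned_pass": spf_ok,
            "dkim_aligned_pass": dkim_ok, "dmarc_pass": dmarc_pass,
            "policy": p, "disposition": disposition}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("legitimate", LEGIT_RAW)):
        for record in ("v=DMARC1; p=none", "v=DMARC1; p=reject"):
            print(label, record, "->", dmarc_disposition(raw, record)["disposition"])
```

Under the old "p=none" policy the spoofed message is delivered and the policy only asks for reports; under "p=reject" the same message is refused, which is the effect AOL's 22 April change had on receivers that honour DMARC. Mail that genuinely originates from the sender's infrastructure still passes because its SPF or DKIM result is aligned with the From domain.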

According to media reports, the spam messages appearing to come from spoofed AOL email addresses contain links to malicious phishing websites and online markets for diet pills.

Virus Bulletin reported that the malicious links in the spoofed AOL emails download Trojan malware when opened on Android devices.

One spam email obtained by GigaOm contained the subject line "How are you?"

In the message body it simply says "Have you already seen it?" followed by a link to the spam website.

What to do if your account was compromised

If you're an AOL Mail user, visit account.aol.com to change your password and security question immediately.

If you use the same password as your AOL account for other websites, change those passwords as well - and remember, you should use a unique password for each of your online accounts in case one of them is compromised.

Consider using a password manager such as LastPass or 1Password to generate and store complex passwords.

More on password security

For a deeper understanding of password security, listen to this episode of Sophos Techknow - Busting Password Myths.


7 Responses to AOL Mail accounts breached, users advised to change passwords

  1. Pedro · 185 days ago

    Uh oh, again! Luckily I have a unique password for each of my online accounts so I am safe, but without a password manager it would not be possible. I recommend that everyone use one.

    • Mark · 184 days ago

      Does this also apply to TalkTalk email accounts that use AOL Mail?

      • John Zorabedian · 184 days ago

        Hi Mark - you should change your TalkTalk password - AOL recommends it for any of its services including TalkTalk.

  2. artfrankmiami · 184 days ago

    If they have my name and home address, they can figure a way to steal everything.

  3. Jason · 184 days ago

    The impact of this breach goes beyond just AOL users - notice the point about address books being compromised.

    I got one of these spam emails from my father-in-law's AOL address. Even though the email came from a non-AOL server (i.e. they didn't breach his password or log in to his account), it still means the attackers have all his contact info and can use that for phishing. It also means that now I've been indirectly affected by this data breach just for being in someone's address book.

    I would say in that case - rather than 500,000 people being affected - there are likely several million when you consider all the email addresses and potential relationships they can map based on the unencrypted data.

    • John Zorabedian · 184 days ago

      You make some excellent points Jason - a lot of people will see more spam and phishing as a result of this breach.

      I hope you told your father-in-law to change his password anyway!

      Thanks -

      • Sally · 172 days ago

        I'm one of the AOL customers affected. Initially the phishing emails were spoofed, but later emails looked like they came from my account. The weird part is that the non-spoofed emails were sent after I changed my password and security questions. (I did that as soon as I realized the spoofed emails were going to people in my address book.)

        I scanned my computer right away and found no viruses. A friend who works in IT security told me that the messages must have been sent via the AOL website. (I use the AOL software on my computer & almost never sign in at the website, though I do use their Alto mail service.) He looked on my computer and said it was difficult to get a clear idea of what was going on because of the way AOL does things.

        I took some consolation from the fact that I learned about the problem when emails were bounced to me after being caught by some recipients' email software, and the thought that the emails were very obvious scams that won't take in too many people.


About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.